urlscan.io logo urlscan.io
SecurityTrails logo

www.tenable.com Open in urlscan Pro
2606:4700:4400::ac40:92c0  Public Scan

Back to summary
URL: https://www.tenable.com/plugins/nessus/183766
Submission: On October 25 via api from EG — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

 * 
 * Plugins

 * Settings
   
   LINKS
   
   Tenable Cloud Tenable Community & Support Tenable University
   
   Severity
   VPRCVSS v2CVSS v3
   
   Theme
   LightDarkAuto
   
   Help


 * 
 * Plugins
   OverviewPlugins PipelineNewestUpdatedSearchNessus FamiliesWAS FamiliesNNM
   FamiliesLCE FamiliesTenable OT Security FamiliesAbout Plugin FamiliesRelease
   Notes
 * Audits
   OverviewNewestUpdatedSearch Audit FilesSearch
   ItemsReferencesAuthoritiesDocumentationDownload All Audit Files
 * Policies
   OverviewSearchAWS ResourcesAzure ResourcesGCP ResourcesKubernetes Resources
 * Indicators
   OverviewSearchIndicators of AttackIndicators of Exposure
 * CVEs
   OverviewNewestSearch
 * Attack Path Techniques
   OverviewSearch
    * Links
      Tenable CloudTenable Community & SupportTenable University
    * Settings
      Severity
      VPRCVSS v2CVSS v3
      Theme
      LightDarkAuto

DETECTIONS

 * Plugins
   OverviewPlugins PipelineRelease NotesNewestUpdatedSearchNessus FamiliesWAS
   FamiliesNNM FamiliesLCE FamiliesTenable OT Security FamiliesAbout Plugin
   Families
 * Audits
   OverviewNewestUpdatedSearch Audit FilesSearch
   ItemsReferencesAuthoritiesDocumentationDownload All Audit Files
 * Policies
   OverviewSearchAWS ResourcesAzure ResourcesGCP ResourcesKubernetes Resources
 * Indicators
   OverviewSearchIndicators of AttackIndicators of Exposure

ANALYTICS

 * CVEs
   OverviewNewestSearch
 * Attack Path Techniques
   OverviewSearch

 1. Plugins
 2. Nessus
 3. 183766

 1. Nessus


SUSE SLED15 / SLES15 / OPENSUSE 15 SECURITY UPDATE : GCC13 (SUSE-SU-2023:4162-1)

MEDIUM NESSUS PLUGIN ID 183766

 * Information
 * Dependencies
 * Dependents
 * Changelog

SYNOPSIS

The remote SUSE host is missing a security update.


DESCRIPTION

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15
host has packages installed that are affected by a vulnerability as referenced
in the SUSE-SU-2023:4162-1 advisory.

- A failure in the -fstack-protector feature in GCC-based toolchains that target
AArch64 allows an attacker to exploit an existing buffer overflow in
dynamically-sized local variables in your application without this being
detected. This stack-protector failure only applies to C99-style
dynamically-sized local variables or those created using alloca(). The
stack-protector operates as intended for statically-sized local variables. The
default behavior when the stack-protector detects an overflow is to terminate
your application, resulting in controlled loss of availability. An attacker who
can exploit a buffer overflow without triggering the stack-protector might be
able to change program flow control to cause an uncontrolled loss of
availability or to go further and affect confidentiality or integrity.
(CVE-2023-4039)

Note that Nessus has not tested for this issue but has instead relied only on
the application's self-reported version number.


SOLUTION

Update the affected packages.


SEE ALSO

https://bugzilla.suse.com/1206480

https://bugzilla.suse.com/1206684

https://bugzilla.suse.com/1210557

https://bugzilla.suse.com/1211427

https://bugzilla.suse.com/1212101

https://bugzilla.suse.com/1213915

https://bugzilla.suse.com/1214052

https://bugzilla.suse.com/1214460

http://www.nessus.org/u?788607a0

https://www.suse.com/security/cve/CVE-2023-4039

PLUGIN DETAILS

Severity: Medium

ID: 183766

File Name: suse_SU-2023-4162-1.nasl

Version: 1.0

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 10/24/2023

Updated: 10/24/2023





Supported Sensors: Agentless Assessment, Frictionless Assessment Agent,
Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

RISK INFORMATION



VPR

Risk Factor: Medium

Score: 4.0

CVSS V2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N



CVSS Score Source: CVE-2023-4039

CVSS V3

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C



VULNERABILITY INFORMATION

CPE: p-cpe:/a:novell:suse_linux:cpp13,
p-cpe:/a:novell:suse_linux:cross-nvptx-gcc13,
p-cpe:/a:novell:suse_linux:cross-nvptx-newlib13-devel,
p-cpe:/a:novell:suse_linux:gcc13, p-cpe:/a:novell:suse_linux:gcc13-32bit,
p-cpe:/a:novell:suse_linux:gcc13-pie, p-cpe:/a:novell:suse_linux:gcc13-c%2b%2b,
p-cpe:/a:novell:suse_linux:gcc13-c%2b%2b-32bit,
p-cpe:/a:novell:suse_linux:gcc13-fortran,
p-cpe:/a:novell:suse_linux:gcc13-fortran-32bit,
p-cpe:/a:novell:suse_linux:gcc13-info, p-cpe:/a:novell:suse_linux:gcc13-locale,
p-cpe:/a:novell:suse_linux:libasan8, p-cpe:/a:novell:suse_linux:libasan8-32bit,
p-cpe:/a:novell:suse_linux:libatomic1,
p-cpe:/a:novell:suse_linux:libatomic1-32bit,
p-cpe:/a:novell:suse_linux:libgcc_s1,
p-cpe:/a:novell:suse_linux:libgcc_s1-32bit,
p-cpe:/a:novell:suse_linux:libgfortran5,
p-cpe:/a:novell:suse_linux:libgfortran5-32bit,
p-cpe:/a:novell:suse_linux:libgomp1, p-cpe:/a:novell:suse_linux:libgomp1-32bit,
p-cpe:/a:novell:suse_linux:libhwasan0, p-cpe:/a:novell:suse_linux:libitm1,
p-cpe:/a:novell:suse_linux:libitm1-32bit, p-cpe:/a:novell:suse_linux:liblsan0,
p-cpe:/a:novell:suse_linux:libobjc4, p-cpe:/a:novell:suse_linux:libobjc4-32bit,
p-cpe:/a:novell:suse_linux:libquadmath0,
p-cpe:/a:novell:suse_linux:libquadmath0-32bit,
p-cpe:/a:novell:suse_linux:libstdc%2b%2b6,
p-cpe:/a:novell:suse_linux:libstdc%2b%2b6-32bit,
p-cpe:/a:novell:suse_linux:libstdc%2b%2b6-devel-gcc13,
p-cpe:/a:novell:suse_linux:libstdc%2b%2b6-devel-gcc13-32bit,
p-cpe:/a:novell:suse_linux:libstdc%2b%2b6-locale,
p-cpe:/a:novell:suse_linux:libstdc%2b%2b6-pp,
p-cpe:/a:novell:suse_linux:libstdc%2b%2b6-pp-32bit,
p-cpe:/a:novell:suse_linux:libtsan2, p-cpe:/a:novell:suse_linux:libubsan1,
p-cpe:/a:novell:suse_linux:libubsan1-32bit, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release,
Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available



Patch Publication Date: 10/23/2023

Vulnerability Publication Date: 9/8/2023



REFERENCE INFORMATION

CVE: CVE-2023-4039

SuSE: SUSE-SU-2023:4162-1

 * Tenable.com
 * Community & Support
 * Documentation
 * Education

 * © 2023 Tenable®, Inc. All Rights Reserved
 * Privacy Policy
 * Legal
 * 508 Compliance